OpenSAML user discussion

["Scott Cantor" <>]

> 1) What functions/classes to be used to validate a SAML 
> response document using BROWSER POST PROFILE? If I can get 
> the code snippet, that will be very helpful to us. I am 
> verifying SAML assertion using Signature.

There's some code in the old library related to the browser profiles, the
Java version isn't well tested though. It's in the SAMLBrowserProfile class
hierarchy and is somewhat pluggable, with a built-in version provided as a
sample implementation in the ....provider package.

As far as signatures go, you're basically left to do that, there's no trust
processing in the old version, just raw methods for verifying with a given
key.

The new library is radically more advanced in these areas.

> 2) Any specific configurations needed for OpenSaml API on Apache?

The OpenSAML code is not really related to Apache, it's a lower level
library. The Java version also can't possibly have much to do with an Apache
module, unless you're going from C to Perl to Java or something.

I guess it's worth saying, per usual, that Shibboleth already implements
SAML 1.1 SSO on top of OpenSAML for Apache. 

-- Scott